Recent news about Microsoft trusting StartSSL root CA in the security update has brought my attention to this company called StartCom.
They offer instant SSL certificate signing for free. Turns out Microsoft Windows is not the only operating system that trusts StartSSL’s root CA, it works on Linux, Mac and iPhone as well. So, to secure your own website for free, here is how you do it:
www.startssl.com
First, go to www.startssl.com to register an account. They will send you an E-mail with a verification code. You will have to check your E-mail account to activate it. This will generate a personal certificate that is automatically installed into your browser.
The next step would be to verify that you are the owner of the domain you intend to secure. In the StartSSL control panel which you will see once you login, click on the Validation Wizard and select validate domain and use one of the E-mail addresses to verify it.
Again, you will have to check your E-mail and activate it using the code that you received.
Now use openssl to generate your private key:
openssl genrsa 4096 > private.key
4096 means the key is 4096 bits long. You have to use at least 2048 bits for StartSSL to sign it.
Then create a certificate signing request:
openssl req -new -key private.key > request.csr
Go back to StartSSL control panel and click on the Certificate Wizard. Choose Website SSL/TLS option. Skip the private key generation. Upload the entire content of your request.csr file. The wizard is quite easy to follow, just finish up and you will get your certificate in PEM format. Save it as a file on your local system.
Soon you will receive another E-mail saying you’ll need to read this page to complete your certificate installation.
This is because your computer will trust the root CA but does not know about the intermediate CA that actually signed your certificate. You will have to tell your website visitors that you have a chained CA so that they know how to follow the chain of trust. To do that, you can follow the instruction on the page if your server is listed in there
I founded the Blog DepoTech in January 2015. Self-taught in development, I have always pushed my curiosity about the topics,Web and Tech news.
1 comments:
Click here for commentsSSL Certificates protect your customer's personal data including passwords, credit cards and identity information. Getting an SSL certificate is the easiest way to increase your customer's confidence in your online business.
ConversionConversion EmoticonEmoticon